exploitDog

CVE-2021-25077

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting

Ссылки

https://plugins.trac.wordpress.org/changeset/2654503
Patch
Third Party Advisory
https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2654503
Patch
Third Party Advisory
https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:visser:store_toolkit_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 2.3.2 (исключая)

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-56vv-w8x4-c263

github

почти 4 года назад

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79